1/03/2012 @ 9:00AM

Web Vigilantes

One morning in mid-August, seven months into the Arab Spring protests and government crackdowns in which thousands have been killed, something strange happened on Syrias Internet. As users aimed their Web browsers at Google and Facebook, they instead saw a page of white Arabic script scrawled across a black background.

This is a deliberate, temporary Internet breakdown. Please read carefully and spread the following message, it read. Your Internet activity is monitored.

Then the page switched to a white screen filled with instructions on using free encryption and anonymity software like Tor and TrueCrypt to evade surveillance and censorship. Emblazoned above the text was a round, mysterious symbol: a star inside an omega, hovering over a pyramid surrounded by lightning bolts. Below it were written the words: This is Telecomix. We come in peace.

Telecomix, a loose-knit team of international hacktivists, had been scanning the Syrian Internet in a massive sweep, dividing 700,000 target connections among its members in Germany, France and the U.S., probing for hackable devices with software tools like Nmap and Shodan. They compromised vulnerable Cisco Systems-produced network switches to find other devices passwords, snooped on open cameras revealing street scenes and even officials desks, and at one point retrieved the log-in credentials for 5,000 unsecured home routers, which they used to insert the above-mentioned surveillance warning into browsers across the country.

As the globally distributed hackers combed Syrias networks and posted their findings in a crowd-sourced document, one American member of the group, who uses the ­handle Punkbob, spotted a Windows FTP server filled with data he recognized: logs from a Proxy SG 9000 appliance built by the Sunnyvale, Calif.-based company Blue Coat Systems. In Punkbobs day job at a Pentagon contractor, he says, the same equipment had been used to intercept traffic to filter and track staff behavior. The Syrian machines logs showed the Internet activity of thousands of users, connecting the sites they attempted to visit and every word of their communications with the IP addresses that pointed ­directly to their homes. In short, he had discovered American technology being used to help a brutal dictatorship spy on its citizens.

At first we were just poking around, but when I saw that, I had this feeling of dread, says Punkbob, who ­requested that FORBES not use his real name. To see ­exactly what Syria was tracking and who was providing the technology to do it. That was when it felt real.

Since Telecomix published 54 gigabytes of those logs, the resulting attention has forced Blue Coat to admit that its gear had been used by Syria, a potential violation of international sanctions against that country. The company didnt respond to FORBES request for an interview, citing an ongoing internal review and a related Commerce Department probe. (Note that the investigation didnt deter private equity firm Thoma Bravo and the Ontario Teachers Pension Plan from a recent deal to take Blue Coat private for $1.3 billion.)

The disclosure of Blue Coats gear in Syria has touched off revelations that hardware from other U.S. firms, in­cluding NetApp and HP, was also used by blacklisted regimes. The industry now faces tough new questions about tech firms responsibility for how their products are usedand by whom.

Telecomix sees its Blue Coat discovery as a turning point in the groups mission: Founded to fight for free speech, it now aims to also expose those who fight against that ideal, including any Western tech firm aiding the wrong side. I hope that the Blue Coat thing was the start of something much bigger, says Chris Kullenberg, a lean and lip-pierced Swedish political science grad student at the University of Gothenburg and a Telecomix founder. The goal is to put political pressure on these companies. It started with rage and frustration. What can we do? Well, we can hack a few boxes and expose this to the world. Thats the motivation that drives hackers deeper and deeper into the networks.

Telecomix likely broke Syrian law. But some more traditional advocates ­appreciate their work. It crosses a line we wouldnt be comfortable crossing, says Brett Solomon, president of the ­digital human rights group Access Now. But sometimes it takes someone like ­Telecomix to put a spanner in the works.

Actively hacking networks is a new game for Telecomixs Web revolutionaries, who call each other agents or Internauts. But unlike the hacker group Anonymous, which began with juvenile pranks before attacking Scientologists, opponents of WikiLeaks and defense contractors, Telecomix was born political. The group was created at a Gothenburg conference in 2009 to oppose the European Unions so-called Telecoms Package, industry-influenced laws that would have cut Internet access for anyone repeatedly downloading copyrighted files. In a sense, corporations have always been the enemy, says Kullenberg.

The hackers dug up and published the phone numbers of every EU Parliament member, then convinced the copyright-flouting Swedish download site the Pirate Bay to post a link on its home page, which received 20 million monthly visitors. The Parliaments phones were jammed for days, and the statute was eventually dropped.

The populist uprisings of the Arab Spring brought Telecomixs goalsand its enemiesinto sharper focus. A few days into the Jan. 25 protests in Egypt Hosni Mubarak shut down all but one of his countrys Internet service providers. Telecomix members consider themselves citizens of the Internet, says one American Telecomix hacker who goes by the nickname the Doctor. So we took that as a personal affront. Agents arranged with the hacker-friendly Internet provider French Data Network to fire up modem banks and give users free dial-up connections. Then the group faxed thousands of leaflets to Egyptian universities, offices and cybercafes, explaining how to skirt the blackout.

Telecomixs scanning of the Syrian Net began as reconnaissance to prepare for an Egypt-style Internet shutdown. Stumbling onto the Blue Coat logs was a fateful fluke. When the hackers realized what theyd found, they downloaded close to 100 gigabytes of data, using the Tor anonymization network to cover their tracks. The process took weeks. In October Telecomix released hundreds of millions of lines of text listing hundreds of sites the Syrian government was blocking, from porn to Facebook to Chat­roulette, along with enough users communication logs to show that the regime was using their Blue Coat gear to not only filter but also monitor dissidents activities.

Blue Coats scandal demonstrates the complexity of ­regulating surveillance technology. The firm claims it hadnt known about its devices in Syria, arguing they must have found their way into the country through a reseller in the United Arab Emirates. Blue Coat is mindful of the violence in Syria and is saddened by the human suffering and loss of human life that may be the result of actions by a repressive regime, it wrote in a statement. We dont want our products to be used by the government of Syria or any other country embargoed by the United States. But critics like cryptography guru Bruce Schneier and Tor developer Jacob Appelbaum point out that Blue Coat devices link back to its servers for ­licensing and updates, implying the company may have turned a blind eye to its Syrian users.

Some Telecomix agents say theyve also spotted equipment sold by Fortinet in Syria. Fortinet responds that it has in place a policy prohibiting shipping its product to countries where shipment is embargoed. And what about resellers who pass it on to those countries? At that point its out of our hands, a spokesperson says.

Hazy as the line may be, its clear some companies have crossed it. Marketing documents published by Wiki­Leaks show 160 firms advertising surveillance gear, often in Arabic as well as English. British firm Gamma Inter­national brags that it can spy on users of Gmail, Skype and iTunes; its sales pitch was found in the files of the Egyptian government after Mubarak fled.

Telecomix is determined to remain a watchdog against Western firms aiding foreign Big Brothers. Two Swedish members, Chris Kullenberg and Jonatan Walck, have ­registered a site called Internaut.cat where they plan to publish future disclosures of the groups findings, using Swedens strong media laws to shield their sources.

Were at a point now where Internet users are becoming aware of whats being done to them, says the Doctor. Companies that sell gear designed to track people should expect to be outed.